Beginner’s guide: OSSIM Part 2

Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.

Pentest Lab

 I hear lots of queries regarding how to set up a Pentest lab
There are two ways in which you can set up private testing labs.
  1. Use physical hardware to build
  2. Use one physical hardware and virtualize everything in it

fig1


As shown in fig 1, we need to have dedicated hardware physically available to  test. Tthe drawbacks are, it is not portable and very expensive.
fig 2
 
 As shown in fig 2 its better to virtualize anything we need to test in our own laptop or desktop.
There is no extra cost, and very handy and portable. But a it'll be a bit hard to understand the basic concepts of virtual networking and OS installation.

Before jumping into virtualization we need some essential piece of softwares.
Below are the list of few. Please download and stay tuned for next blog on "Virtualization".

Virtualization software's
Tiger Box
Vulnerable OS for testing

Comments

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

Beginner’s guide: OSSIM Part 2

Beginner’s guide: How to setup a SOC (Security Operations Center)